VRF Configuration Guide
此内容尚不支持你的语言。
Introduction
Section titled “Introduction”VRF (Virtual Routing Forwarding) is also known as a VPN-instance. VRF is a logical division of physical devices. Using VRF, we can create multiple virtual devices on a single physical device, each of which is like a separate device with a separate route table, separate route process and separate interfaces, etc. This technology allows for complete isolation of data or services. In MPLS VPNs, VRF enable operators to provide VPN services to multiple customers on the same PE (Provider Engine) device, adding customers to different VRFs, making the route data between these customers completely isolated and not conflicting even if they use the same IP address space.
Basic Concepts
Section titled “Basic Concepts”A physical machine can maintain multiple VRFs, each of which can be seen as a virtual router that contains the following elements: a separate route table, a collection of interfaces belonging to this VRF, and a set of route rules that belong only to this VRF. Configuring service port VRFs can assign different users to different VRFs, solving the problems of overlapping addresses and local route conflicts.
VRF Configuration
Section titled “VRF Configuration”Table 1 Overview of VRF Configuration Tasks
| Configuration Tasks | Description | Refer to | |
|---|---|---|---|
| Service port VRF | Configure vrf for service port | Optional | Configure vrf for service port |
| Bind the interface to vrf | Optional | Bind the interface to vrf | |
| Configure specified VRF route | Optional | Configure specified VRF route | |
| Set MAC of VRF | Optional | Set MAC of VRF |
Configure vrf for service port
Section titled “Configure vrf for service port”Naming rules: only upper- and lower-case letters, numbers, . , _, -, e.g. vrf100.
Table 2 Configure VRF of the Service Port
| Purpose | Commands | Description |
|---|---|---|
| Enter global configuration view | configure terminal | - |
| Create VRF | vrf vrf-name | - |
Bind the interface to vrf
Section titled “Bind the interface to vrf”Table 3 Bind the interface to vrf
| Purpose | Commands | Description |
|---|---|---|
| Enter global configuration view | configure terminal | - |
| Enter interface configuration view. | interface interface-type interface-number | interface-type: optional vlan, ethernet, link-aggregation, sub-interface, loopback, mgmt. |
| VRF binds to the specified interface | vrf vrf-name | - |
Configure specified vrf route
Section titled “Configure specified vrf route”Users are isolated between different VRFs, and to communicate across VRFs, you need to configure the appropriate VRF routes, specifying the VRF where the route is located and the VRF where the next hop is located.
Table 4 Configure specified vrf route
| Purpose | Commands | Description |
|---|---|---|
| Enter global configuration view. | configure terminal | - |
| Enter VRF configuration view. | vrf vrf-name | - |
| Add a specified VRF route. | ip route A.B.C.D/M A.B.C.D [nexthop-vrf vrfname] | optional in [ ].<A.B.C.D/M> is the destination IP of the route <A.B.C.D> is the IP address of the next hop of the route |
op-vrf means that the VRF where the next hop is located is the same as the VRF where the route is located.
Set vrf MAC
Section titled “Set vrf MAC”Table 5 Set vrf MAC
| Purpose | Commands | Description |
|---|---|---|
| Enter global configuration view. | configure terminal | - |
| Enter VRF configuration view. | vrf vrf-name | - |
| Set the MAC of VRF. | mac HH:HH:HH:HH:HH:HH | - |
Display and Maintenance
Section titled “Display and Maintenance”VRF Configuration Display
Section titled “VRF Configuration Display”Table 6 VRF Configuration Display
| Purpose | Commands | Description |
|---|---|---|
| Show VRF basic information. | show vrf brief | - |
| Show information about VRF and interface. | show vrf interface | - |
Typical Configuration Example
Section titled “Typical Configuration Example”Configure Service Port VRF
Section titled “Configure Service Port VRF”- Networking Requirements A large number of hosts in an enterprise’s network center are causing IP address conflicts. VM1 and VM2 belong to department 1, VM3 and VM4 belong to department 2. Please configure VRF to solve the problem, requiring that hosts in the same department can access each other and cannot access hosts in other departments to achieve logical division and security isolation.
- Topology
- Procedure
#Create vrf100, 200
sonic# configure terminalsonic(config)# vrf 100sonic(config)# vrf 100#Bind the corresponding port
sonic# configure terminalsonic(config)# interface ethernet 0/0sonic(config-if-0/0)# vrf 100sonic(config)# interface ethernet 0/1sonic(config-if-0/1)# vrf 100sonic(config)# interface ethernet 0/2sonic(config-if-0/2)# vrf 200sonic(config)# interface ethernet 0/3sonic(config-if-0/3)# vrf 200#Configure port IP
sonic# configure terminalsonic(config)# interface ethernet 0/0sonic(config-if-0/0)# ip address 10.0.0.1/24sonic(config)# interface ethernet 0/1sonic(config-if-0/1)# ip address 11.0.0.1/24sonic(config)# interface ethernet 0/2sonic(config-if-0/2)# ip address 12.0.0.1/24sonic(config)# interface ethernet 0/3sonic(config-if-0/3)# ip address 13.0.0.1/24- Verify configuration
sonic# show vrf interfaceVM1 ping VM2 can be pinged, VM1 ping VM4 cannot be pinged.